in general, ALL email headers can be faked. with an open relay of any kind, someone can send email to anyone looking like it came from anyone. it's not just the reply to, ALL email headers can be spoofed. for example, i just sent this from microsoft without any server configurations.
dumb email clients (i.e. those that don't do anything except display what they're given) won't complain, though if you check the headers, you can see where it really came from (randy at sermo.net). hence the idea behind SPF. http://www.openspf.org/howworks.html
randy
Nipun Jain wrote:
No, my domain is not blacklisted. I could not check for open mail relay at checkor.com <http://checkor.com> as it's not working right now. But I tried some other sites which said that my server was not an open relay. Maybe you can try to check it out yourself, my domain is www.ccet.in <http://www.ccet.in>. Also I am the sole user of my machine, so the unscrupulous user is remote. If it helps, the webserver is not on my machine, it's a remote shared webhosting (cPanel). Can anyone check to spoof an email by setting up their reply to address as something else? Do they face the same problem?
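
An added example, not part of the original messages: a receiver-side check that compares the From and Reply-To domains with the envelope sender, and evaluates the ip4/ip6 and all terms of an SPF record against the connecting IP. The message, domains, addresses and SPF record are constructed samples, and the function names are hypothetical.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims example.com, but the Return-Path (envelope
# sender recorded by the receiving server) and Received line show another host.
RAW = """\
Return-Path: <sender@mailhost.example.net>
Received: from mailhost.example.net (mailhost.example.net [203.0.113.25])
\tby mx.example.org; Mon, 1 Jan 2024 10:00:00 +0000
From: "Support" <support@example.com>
Reply-To: someone@example.net
To: user@example.org
Subject: constructed test message

body
"""
# Constructed SPF record, as example.com might publish it in a DNS TXT record.
SPF_RECORD = "v=spf1 ip4:198.51.100.0/24 -all"

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def header_mismatches(raw):
    """List header domains that differ from the envelope (Return-Path) domain."""
    msg = message_from_string(raw)
    envelope = domain_of(msg["Return-Path"])
    return [(h, domain_of(msg[h])) for h in ("From", "Reply-To")
            if msg[h] and domain_of(msg[h]) != envelope]

def spf_check(record, client_ip):
    """Evaluate only the ip4/ip6 mechanisms and 'all' of an SPF record."""
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:           # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in results else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(value, strict=False):
            return results[qualifier]
        if name == "all":
            return results[qualifier]
    return "neutral"                           # no mechanism matched
```

SPF is evaluated against the envelope sender domain and the connecting IP, so a differing From or Reply-To header still has to be caught by a comparison like `header_mismatches`.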